{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ゆ 、 Hurt° 的问题《Chrome Certificate Selection appears multiple time》','https://www.manongdao.com/q-1221550.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I got a ssl enabled site in an intranet server. It has an official server certificate issued by a valid CA. Yet it's expired since last month. I access it using a USB A3 token. Since it's expired I have create a security exception for it. If I use firefox it all works fine.
The problem is when I try to access it with Chrome. First time I access, it correctly prompts me the token password followed by the certificate selection dialog. But after that it keeps showing the certification selection popup (not the token password) at every page I enter. Instead it should ask one time and cache the certificate selection to the other pages just like firefox does.
The site uses Apache, PHP, Symfony and PostgreSQL. It has an apache redirect rule to translate /domainname.com/site/app.php/ to /domainname.com/site/
Anyone knows why is this ?
Found it:
This question mentions the configuration I want. But it doesn't say how to use it. I found that this page here, explains how to configure policies for Chrome/Chromium. Now, in Chrome discussion forum (here), I found that in Linux both Chrome and Chromium use the same policy dir (/etc/opt/chrome/policies/managed). If you put a valid policy file there it will load it. So double check for validity. It got to be json formated as the template exemplifies. Because of that, remember that it's name ends with .json extension. Now we can use the policy mentioned in the aforementioned question. Put this configuration in the policy file:
you obviously substitute
<Your issuer CN>with the correct CN in your certificate.Restart Chrome, and you're done. To check if the policy was correctly loaded by Chrome/Chromium you can use the following url: chrome://policy
This worked, after changing the filter to be more permissive as in the following:
Also to see policy try the following:
chrome:policyFor anyone experiencing the same issue on Windows 7, the following steps work on Chrome 77.0.3865.105:
As per Chromium documentation, the configuration should be set in the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls(create the key if it doesn't already exist). The patterns for certificate auto-selection are created as String values (REG_SZ) with names1,2,3, etc... Note that JSON escaping is not required, so a valid configuration would beHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls\1 = {"pattern":"*","filter":{}}